Originally Posted by olaus
does that code also affect the passwords for the web-login ( stored in mysql isp_isp_kunde:webadmin_passwort ) ?
those are anyway more vulnerable than the ones in /etc/shadow because mysql-access rights are enough to read them.
These are totally different passwords.
The password in the field isp_isp_kunde:webadmin_passwort is an md5 encrypted password of the client for the ISPConfig web interface. Do not mix them up with the /linux) user passwords this thread is about.
The client passwords are encrypted with totally different algorithms so they are not affected bythe issue described in this thread. Also we can not store passwords in /etc/shadow that we need for authentication in the web interface.